

Escaping Strings For Data Insertion





welshsteve
Hi everyone. I have used mysql_real_escape_string before to make sure I don't get errors when updating databases. But what do you do when you're inserting data using an HTML form? There is no MySQL data to escape.

I have to say that escaping strings is a real pain as the website I manage deals with people's names, so anyone with an apostrophe in their name causes issues.
welshsteve
I was always told you can't use mysql_real_escape_string to escape strings until you have a data connection, but I have just tried it and it works. I will look at moving to PDO when I re-do the website over the summer (it's a sports league, so I don't want to mess with it until the season is finished).
Peterssidan
I'm not sure I understand the problem. All that mysql_real_escape_string does is that it escapes the characters so that they are safe to use in mysql_query().
codersfriend
Have you tried htmlspecialchars?
friend2012
Use htmlspecialchars or htmlentities to convert and save HTML tags and other entities in MySQL data.
Later you can use htmlspecialchars_decode or html_entity_decode to get html text.

You can find complete instructions about these functions on php.net.
existenz
I don't think there is a real way of fully escaping a string without using mysql_real_escape_string. To use it you must have a connection to the DB opened either with mysql_connect or mysql_pconnect. You can also use it on inserts from HTML forms. For example:

Code:

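// Requires an open connection (mysql_connect or mysql_pconnect)
$name = mysql_real_escape_string($_POST['name']);

// Interpolate the escaped value inside the quoted SQL string literal
mysql_query("INSERT INTO `users` VALUES ('$name')");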


Hope that helps...
codersfriend
Preventing errors from single quotes also helps the security of your website, since hackers can use SQL injection if there is an error in character insert.
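
An added example, not code from any poster in this thread: the thread mixes two different kinds of escaping, so this sketch keeps them apart by binding the form value through a PDO prepared statement on insert (no SQL escaping, names with apostrophes just work) and applying htmlspecialchars only when the stored value is printed into HTML. The `players` table, the `addPlayer` and `renderPlayers` functions and the sample names are hypothetical, and it assumes the pdo_sqlite extension so it runs without a MySQL server.

```php
<?php
// Added example: table, function names and sample data are hypothetical.
// In-memory SQLite keeps it runnable offline; for MySQL only the DSN changes,
// e.g. 'mysql:host=...;dbname=...;charset=utf8mb4' plus user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample input standing in for $_POST['name'] values.
$submitted = ["Sean O'Brien", 'D\'Arcy "Dai" Jones', '<b>Rhys</b> Evans'];

function addPlayer(PDO $pdo, string $name): int
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('Name must be 1-100 bytes long');
    }
    // The value travels as a bound parameter, separate from the SQL text,
    // so quotes in it cannot end the string literal or cause a syntax error.
    $stmt = $pdo->prepare('INSERT INTO players (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function renderPlayers(PDO $pdo): string
{
    $html = "<ul>\n";
    foreach ($pdo->query('SELECT name FROM players ORDER BY id') as $row) {
        // HTML-encode at output time; the database keeps the raw name.
        $safe = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
        $html .= "  <li>$safe</li>\n";
    }
    return $html . "</ul>\n";
}

foreach ($submitted as $name) {
    addPlayer($pdo, $name);
}
echo renderPlayers($pdo);
```

The stored rows contain the names exactly as typed; only the rendered list shows `&#039;`, `&quot;` and `&lt;b&gt;`, so nothing has to be decoded again before editing or searching the data.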